[Samba] Fwd: About samba 3.0.28 trust AD

Jonathan Buzzard jonathan at buzzard.me.uk
Sun Jul 28 23:41:12 MDT 2013

On 29/07/13 00:48, Nico Kadel-Garcia wrote:
> On Sun, Jul 28, 2013 at 5:39 PM, Marc Muehlfeld<samba at marc-muehlfeld.de>  wrote:
>> Hello,
>> Am 06.07.2013 15:26, schrieb Wong siu yu:
>>> I had a RedHat 5.2 need to trust domain the Windows Server 2008 R2 (forest
>>> level 2003).
>>> Which package I need to install first? I am using samba-3.0.28 but I have
>>> no samba-winbind.
>>> May I know procedures of trust setting in Linux?
>> Please have a look here first:
>> http://wiki.samba.org/index.php/FAQ#How_to_do_or_fix_..._in_an_outdated_Samba_version.3F
> Red Hat 5.2 (which is amazingly old now), or RHEL 5.2 (which is only 5
> years old)? If RHEL 5.2, you should at least remove the samba-*
> packages and replace them with the samba3x-* packages, which include
> samba3x-winbind and are version 3.6.6, instead of the much older
> samba-3.0.33 which is the last update from a licensed RHEL host.

That requires something much more recent than RHEL5.2. As I recall 
samba3x first came with RHEL 5.6

> If your RHEL license has expired, you can also consider using the
> CentOS or Scientific Linux versions of the package.

He needs to do more than that. The version of RHEL he is running has 
more than one remote root exploit, with Samba being one of them. Just 
replacing the Samba packages with something more recent is insufficient 
to secure that machine. As a matter of some urgency the box should be 
upgraded to latest, and if the RHEL license has expired then "switched" 
to CentOS/Scientific Linux. Personally my choice is CentOS because a 
range of third part software e.g. all the Dell firmware updates 
recognize CentOS and work where they consider Scientific Linux as 
unsupported without fiddling with things.


Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

More information about the samba mailing list